Trend Micro’s Rik Ferguson blogs about current security issues.

Targeted to appeal to executive vanity

A friend of mine received an “interesting” email today. The friend in question is a senior director with a global software company, and this targeted spear phishing attack was clearly designed to appeal to his executive vanity, presumably with the aim of harvesting enough details to build a valuable contact database. Click the thumbnail below to view the original mail.

(Screenshot: the phishing email)

The email in question was addressed to the victim’s correct first name and informs them that they have been

“selected by the nomination committee to represent your industry in the Top 100 Business Leaders of 2010“

All the unfortunate mark needs to do is “verify your biographical information and obtain your photo and/or company logo prior to the upcoming publication deadline“.

There are a couple of clues in the mail that should serve as warning signs. Firstly, there is no mention of when the spurious deadline actually falls, clearly an attempt to prolong the shelf life of the scam. Secondly, both URLs embedded within the mail have been obfuscated with URL shortening services, so the recipient cannot see where they actually lead without clicking.

The eventual landing page of the phishing mail looked like this:

If the mail itself wasn’t enough to make you suspicious, the website should be! It is one single page, there are no links to any contact or corporate information, and the only quote on the site is, of course, unattributed. Finally, the graphic on the site seems to suggest issues of the Top 100 magazine dating back to 2004, yet the domain was only registered in October of this year, and of course the details of the registrant are protected.
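The warning signs called out in the two paragraphs above (shortened links, a deadline that never states a date, and a domain registered long after the history the site claims) can be turned into a simple triage script. The following is an added example, not part of the original post and not a Trend Micro tool; the sample email, the shortener host list, and the registration date used for the domain-age check are constructed assumptions for illustration only.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Constructed sample mail modelled on the scam described above (not the original message).
SAMPLE_MAIL = """Dear John,

You have been selected by the nomination committee to represent your industry
in the Top 100 Business Leaders of 2010. Please verify your biographical
information at http://bit.ly/xxxx and upload your photo or company logo at
http://tinyurl.com/yyyy prior to the upcoming publication deadline.
"""

# Assumption: a short, illustrative list of URL shortening hosts; extend for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MONTHS = ("january|february|march|april|may|june|july|august|"
          "september|october|november|december")
# A concrete date: either a month name or a numeric dd/mm/yyyy-style date.
DATE_RE = re.compile(rf"\b(?:{MONTHS})\b|\b\d{{1,2}}[/.-]\d{{1,2}}[/.-]\d{{2,4}}\b",
                     re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(text)


def shortened_urls(urls):
    """Return the subset of URLs whose host is a known URL shortener."""
    hits = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits


def deadline_without_date(text):
    """True when the mail pressures the reader with a 'deadline' but never says when it is."""
    return bool(re.search(r"\bdeadline\b", text, re.IGNORECASE)) and not DATE_RE.search(text)


def domain_age_inconsistent(registered, earliest_claimed_year):
    """True when the domain was registered after the earliest history the site claims."""
    return registered.year > earliest_claimed_year


def assess(mail_text, registered, earliest_claimed_year):
    """Collect the warning signs discussed in the post for one message and its landing domain."""
    warnings = []
    short = shortened_urls(extract_urls(mail_text))
    if short:
        warnings.append(f"{len(short)} link(s) hidden behind URL shorteners: {', '.join(short)}")
    if deadline_without_date(mail_text):
        warnings.append("mentions a deadline but never states a date")
    if domain_age_inconsistent(registered, earliest_claimed_year):
        warnings.append(f"domain registered {registered.isoformat()} but site claims "
                        f"history back to {earliest_claimed_year}")
    return warnings


if __name__ == "__main__":
    # Assumed WHOIS creation date (the post says October of the same year as the 2010 list).
    for w in assess(SAMPLE_MAIL, date(2010, 10, 1), 2004):
        print("WARNING:", w)
```

The shortener check deliberately does not follow the redirects: resolving a short link fetches the attacker's page, which may itself be tracked, so expand suspicious links only from an isolated analysis host. The domain-age check needs the registration date from a WHOIS lookup, supplied here as a parameter rather than queried live.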

In the case of unsolicited mail, always look a gift horse in the mouth; after all that’s where the Greeks hid their spies.